CIA's 'Lax' Security Led to 2017 Compromise of Its Hacking Tools

Internal CIA report released today shows poor security controls surrounding the intelligence agency's hacking tools.

Dark Reading Staff, Dark Reading

June 17, 2020


An internal CIA report found that the majority of the agency's top-secret hacking tools were improperly secured, citing the use of shared administrator passwords and a lack of proper control over removable media. The report, released today by Sen. Ron Wyden (D-Ore.), found that it wasn't until the tools were posted on WikiLeaks in 2017 that the agency learned of its data breach.

In a letter today to US Director of National Intelligence John Ratcliffe, Wyden noted that the CIA's lax security surrounding its so-called cyberweapons appears to reflect a systemic problem in the intelligence community.

The redacted CIA report said: "We assess that in spring 2016 a CIA employee stole at least 180 gigabytes to as much as 34 terabytes of information. This is roughly equivalent to 11.6 million to 2.2 billion pages in Microsoft Word. This data loss includes cyber tools that resided on the Center for Cyber Intelligence (CCI) software development network (DevLAN)."

The report goes on to state: "In a press to meet growing and critical mission needs, CCI had prioritized building cyber weapons at the expense of securing their own systems." 








